450a09d214d4e6d33ce4a2e7f483398e5d88fa5c991ea94b2eadc48d1477d24b

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 02:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

530bc863a9c34b99fabbef829b01ec00_NEAS.exe
Size

86KB
MD5

530bc863a9c34b99fabbef829b01ec00
SHA1

b0941369d9e91334e5a076780fc15ad030fdd2f6
SHA256

450a09d214d4e6d33ce4a2e7f483398e5d88fa5c991ea94b2eadc48d1477d24b
SHA512

22c79e6890f23722330b96a05184e7af20fd2c03693bb6883c9514b98367e9dfb60fb00ec6e9171a4e87db54920bf70fb3017bab0df916d4632c08634109546a
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNc:6rWpcOPxPke+e3fFpsJOfFpsJbgEK

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3558) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Net.Resources.dll.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmicrodns_plugin.dll.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\25.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Microsoft Games\More Games\es-ES\MoreGames.dll.mui.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\settings.html.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\gadget.xml.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Design.Resources.dll.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\vlc.mo.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Mail\de-DE\WinMail.exe.mui.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\settings.html.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\activity16v.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpEvMsg.dll.mui.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\calendar.html.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\settings.html.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down_BIDI.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.tmp	530bc863a9c34b99fabbef829b01ec00_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\530bc863a9c34b99fabbef829b01ec00_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\530bc863a9c34b99fabbef829b01ec00_NEAS.exe"
1⤵
- Drops file in Program Files directory
PID:1884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
86KB

MD5
033356abb4454b23d8dd155d10c845bc

SHA1
fb37f72eb0dd602777a9a714dda41639492e518f

SHA256
3ff9f5202869d3196cca5c8640731d9833c79ba71a76f746fe603f8b929caeb9

SHA512
68a508b5f5fbec85e84247fcf5e516196b418f51179a5ab79a814b7671ba4164480e2d06bb352a38b513769aff9b2083cb1614d81d6e1d75bb6b591e57070d42

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
95KB

MD5
25f9ec45efa2d25afbbbfcae99261e58

SHA1
d473f150e9d31bd79847691505ac76a434cce424

SHA256
f1f8c2212ee2a58c623b601fd07d9573e53523d54835668940f3e257d828e513

SHA512
b02754ed7bf203fd68754b7a0669001df2fffe12e7b9f52852ea138ead2b0a15ecbc102c53b3f0c991d59ded3e45a4bde61d8f6ac21f9e3be76005f73213cae7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads